David Bischoff, Principal Cyber Defense Consultant
Managed Detection & Response (MDR)
Fully comprehensive at the highest level.
- Complete solution including hardware, software and services.
- Combination of anomaly detection and mature use cases.
- Best price-performance ratio for medium-sized businesses.
With SECUINFRA’s MDR service, you won’t get lost in a flood of alerts. We undertake not only the DETECTION of cyber-attacks, but also their ANALYSIS and RESPONSE.
Comprehensive DETECTION of cyber attacks
In our Managed Detection and Response Service (MDR), cyber attack detection is technologically based on the three pillars of endpoint-based, log-data-based and network-based attack detection.
Endpoint-based attack detection & response
At the endpoint, we deploy advanced Endpoint Detection & Response (EDR) systems. Unlike purely signature-based mechanisms such as classic antivirus, modern EDR systems record process, file, registry and network activity on the host and detect anomalous behavior in program execution, which also catches attacks for which no signature exists yet. If an attack is detected, it can be contained automatically at the endpoint, for example by terminating the process or isolating the host.
Log-based attack detection
At the heart of our MDR service is Security Information & Event Management (SIEM). Here we process all relevant log data from your company and supplement it with contextual information and threat intelligence feeds. We rely on our globally unique SIEM Use Case Library including Cyber Deception. Use-case-based attack detection is complemented by machine learning.
Network-based attack detection & response
The analysis of network-based data is two-pronged in our MDR service. Both a classic intrusion detection system (IDS) and a modern, protocol-based network detection & response (NDR) system are used. If cyber attacks are detected, they can be defended against automatically at the network level using NDR.
Rapid RESPONSE to cyber attacks
In the event of a cyber attack, in addition to detection and analysis, rapid and professional response is critical. That’s why, when it comes to defending against cyber attacks, we rely on a combination of automated response technologies such as Endpoint Detection & Response (EDR), Network Detection & Response (NDR) and Security Orchestration, Automation and Response (SOAR) on the one hand, and the expert know-how of our cyber defense analysts on the other, who are on duty for you 24/7. In the event of a major incident, our incident responders will support you.
Fastest response through automated response technologies
Once an attacker has compromised a system, every minute counts. To stop the attack as early as possible, we rely on automated response technologies. These stop the attacker at the endpoint using EDR, on the network using NDR, and at any other location using SOAR. Which actions are automated is coordinated with you in advance.
24/7 response by cyber defense experts
In addition to automated response technologies, our cyber defense analysts are available 24/7. If necessary, they block compromised accounts, disconnect infected systems from the network, or perform other actions agreed upon in the Incident Response Plan.
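The two paragraphs above describe a response model in which some actions run automatically and the rest go to the 24/7 analysts, with the automated scope agreed in advance. The following is an added worked example of such a decision playbook, written for this page; it is not SECUINFRA's SOAR content. The detection sources, action names, confidence threshold, protected roles, break-glass account and the small CMDB snippet are all constructed assumptions.

```python
"""Added example (not SECUINFRA's SOAR): a response-decision playbook that
applies a pre-agreed automation scope to alerts.

Per detection source there are candidate containment actions. Each is either
executed automatically or handed to the 24/7 analyst queue, depending on the
alert confidence, the asset's role and a few guard rails that a customer would
typically insist on (never auto-isolate a domain controller, never auto-block
internal destinations, never auto-disable the break-glass account).
All names, thresholds and asset data below are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass

# Constructed pre-agreed automation scope (assumption: taken from the incident response plan)
AUTO_ACTIONS = {
    "edr": {"kill_process", "isolate_host"},
    "ndr": {"block_destination"},
    "identity": {"disable_account"},
}
MIN_AUTO_CONFIDENCE = 0.85                               # assumption
NEVER_AUTO_ISOLATE = {"domain controller", "hypervisor"}  # availability-critical roles
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
BREAK_GLASS_ACCOUNTS = {"admin_emergency"}               # never disabled without a human

ASSETS = {  # constructed CMDB snippet
    "WS042": {"role": "workstation"},
    "DC01": {"role": "domain controller"},
}

@dataclass
class Alert:
    source: str          # "edr", "ndr" or "identity"
    confidence: float    # 0.0 .. 1.0 as delivered by the detection system
    host: str = ""
    user: str = ""
    destination: str = ""

@dataclass
class Decision:
    action: str
    mode: str            # "auto" or "analyst"
    reason: str

def candidate_actions(alert):
    """Containment actions the detection source is technically able to perform."""
    return {"edr": ["kill_process", "isolate_host"],
            "ndr": ["block_destination"],
            "identity": ["disable_account"]}.get(alert.source, [])

def is_internal(addr):
    """True if addr is an IP inside the customer's ranges; hostnames count as external (assumption)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)

def decide(alert):
    """Return one Decision per candidate action: auto if inside the agreed scope, else analyst."""
    role = ASSETS.get(alert.host, {}).get("role", "unknown")
    decisions = []
    for action in candidate_actions(alert):
        if action not in AUTO_ACTIONS.get(alert.source, set()):
            decisions.append(Decision(action, "analyst", "action not in automation scope"))
        elif alert.confidence < MIN_AUTO_CONFIDENCE:
            decisions.append(Decision(action, "analyst", f"confidence {alert.confidence:.2f} below threshold"))
        elif action == "isolate_host" and role in NEVER_AUTO_ISOLATE:
            decisions.append(Decision(action, "analyst", f"{role} is never auto-isolated"))
        elif action == "block_destination" and is_internal(alert.destination):
            decisions.append(Decision(action, "analyst", "internal destination: blocking could break services"))
        elif action == "disable_account" and alert.user in BREAK_GLASS_ACCOUNTS:
            decisions.append(Decision(action, "analyst", "break-glass account"))
        else:
            decisions.append(Decision(action, "auto", "within pre-agreed scope"))
    return decisions

if __name__ == "__main__":
    samples = [Alert("edr", 0.95, host="WS042"), Alert("edr", 0.95, host="DC01"),
               Alert("ndr", 0.90, destination="10.0.5.1"), Alert("identity", 0.50, user="j.doe")]
    for a in samples:
        for d in decide(a):
            print(f"{a.source:8} {d.action:18} -> {d.mode:7} ({d.reason})")
```

The point of the guard rails is that the automation scope is not a single on/off switch: the same alert leads to automatic isolation on a workstation but to an analyst ticket on a domain controller, and a confident NDR alert auto-blocks an external C2 address but never an internal one.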
Holistic DETECTION + ANALYSIS + RESPONSE of cyber attacks instead of a flood of alarms!
Many competitors only operate the attack detection technology, relying on the manufacturers' standard rules. At best, the alarms generated in this way are triaged before they are forwarded to you. The actual work, the in-depth analysis of and defense against cyber attacks, is left to you, the customer.
SECUINFRA offers you a holistic approach, from detection to analysis and response.
With our MDR service, you can achieve a level of security that is otherwise only reserved for large corporations.
David Bischoff, Principal Cyber Defense Consultant
Expert know-how for your security
Our cyber defense experts are available 24/7 and have in-depth training and experience in detecting, analyzing and defending against cyber attacks. Below is a selection of certifications held by our cyber defense analysts, incident responders, digital forensics experts and malware analysts.
The most important FAQ from the Managed Detection & Response area
Since the detection mechanisms are selected per customer from our use case library, no general statement about detection coverage can be made.
However, during an initial consultation, we would be happy to show you the potential coverage provided by the MDR service using the MITRE ATT&CK matrix. Please contact our sales team for this.
At the beginning of the contractual relationship, a fixed price per asset is set for various asset categories. Asset categories are differentiated between workstations, servers, network devices and firewalls (up to 1GB/s).
With our fixed price model, your future costs are clearly calculable and you save yourself unpleasant surprises.
Once the contract has been awarded, the onboarding phase begins, during which we coordinate closely with you. Since cyber attack detection depends heavily on the specific IT landscape, the service parameters have to be adapted to your organization at this stage.
Since this coordination is crucial for success, we take between four and eight weeks for this, depending on the size of the organization and the number of contacts.
During the onboarding phase, technical implementation is also already underway. However, this is usually completed much more quickly than the substantive coordination between the contracting parties.
Finally, the service goes into trial operation, which usually lasts a month. The total time to go live from the specified start date is therefore 8 to 12 weeks.
At the beginning, a precise coordination between the technical contacts on the customer side and the cyber defense experts of SECUINFRA is necessary in order to outline the existing IT landscape and to select suitable detection mechanisms.
The primary and ongoing task for you as a customer is to provide SECUINFRA with all the necessary information about your IT landscape so that the detection mechanisms always function reliably.
The task of your IT is then to connect all systems to be monitored to our system by installing agents or configuring the forwarding of logs via syslog. However, we will support you in this as far as possible.
SECUINFRA sets very high standards when recruiting staff and introduces each new employee to all relevant specialist topics in a program lasting several months to ensure consistent competence.
Since SECUINFRA has been exclusively dedicated to the detection, analysis and defense of cyber attacks since its foundation in 2010, our analysts already have extensive experience.
As a customer, you have a fixed contact person in the MDR area who exchanges information with you at regular intervals and is available when needed. This applies to all administrative matters.
Since our cyber defense analysts are on duty around the clock, there can be no fixed point of contact for operational service that is available at all times. However, we make every effort to provide you with the same contact persons for each shift and for as long as possible.
According to the Service Level Agreement (SLA), the contractually guaranteed response time is 30 minutes, but the response is usually provided in less than 15 minutes.
The Service Level Agreement (SLA) guarantees 99.5% availability of the central components of the MDR service.
The retention time is 60 days. During this period the log data remains searchable and can be used to detect attacks and to investigate incidents.
Our awards in the field of MDR
Best SIEM Consulting/Service company in Europe
Market Leader Award in Security Information and Event Management (SIEM)
Leading provider of SIEM consulting services in Germany
TOP 10 SIEM Consulting/Service company in Europe
Our MDR service: Optimally adapted to your IT landscape!
Every IT landscape is different and none is completely static. To address this, our Managed Detection and Response Service does not offer a fixed set of detection mechanisms, but always makes an individual selection and customization of all centralized detection mechanisms.
To achieve this, onboarding of a new customer into the SECUINFRA MDR service starts with a detailed exchange about the customer's requirements and IT landscape. In a series of workshops, the goal is to develop a mutual understanding of the essential business processes, a map of the IT landscape to be monitored and a shared detection target.
The service workshops are followed by the deployment of the platform. For this purpose, log and network appliances are installed on site to ensure secure and reliable collection and transmission of security-relevant log and network data.
As soon as the first data has been transferred to one of our two data centers in Germany, the onboarding of the customer into SECUINFRA’s security monitoring begins. To enable environment-specific detection mechanisms, the provision of the necessary context data is coordinated.
To achieve the best possible response in the event of an emergency, key IT contacts are integrated into our runbooks.
As a rule, onboarding in SECUINFRA MDR is completed after four to eight weeks and the new customer moves on to SECUINFRA’s regular 24/7 monitoring.
MDR Service Modules
Our Managed Detection & Response Service has a modular structure. The basic version already includes a broad range of functions and services and covers most requirement profiles.
With these modules, our Managed Detection & Response service already meets all the requirements defined by Gartner for a full MDR service and a Managed SOC (MSOC). Most cyber defense compliance requirements are also met out of the box with our service.
Our Managed Detection and Response (MDR) Basis Service already includes far more than comparable services offered by our competitors. It includes all technologies and services for comprehensive DETECTION, ANALYSIS and RESPONSE of cyber attacks based on event log data, threat intelligence feeds and cyber deception.
- 24/7 Cyber Detection & Response Center: Our Cyber Detection & Response Center (CDRC) is where true 24/7 monitoring of your systems takes place. Our analysts are on duty for you around the clock, 365 days a year, to detect cyber attacks on your company at an early stage, analyze them and defend against them in a targeted manner. Our 24/7 service keeps “Mean Time to Detect” (MTTD) to a minimum.
- Security Orchestration, Automation & Response (SOAR): To reduce alarm processing time, SECUINFRA deploys a Security Orchestration, Automation & Response system (SOAR). With its help, analyses and reactions are partially automated. In this way, we reduce the “Mean Time to Respond” (MTTR) to a minimum so that, in the event of a successful cyber attack, we can stop the attacker as early as possible and avert greater damage.
- Threat Intelligence: SECUINFRA uses strategic threat intelligence to select detection mechanisms and operationalizes threat intelligence data as part of threat hunting to uncover previously undetected attacks.
- Use-Case Library
- Security Information & Event Management (SIEM): The SIEM system is used to centralize all security-related log entries and events from third-party sources (e.g. anti-virus, IDS, EDR). Numerous use cases developed by SECUINFRA since 2010 in the areas of threat detection, user and entity behavior analytics (UEBA) and optionally machine learning are applied.
- Central log management: The database for the SIEM area is provided by our central log management. Security-related log data is collected centrally and stored in a searchable manner for a period of 60 days.
- Cyber Deception: With Cyber Deception, we deceive attackers in order to identify their activities in your infrastructure. To do this, we place specially prepared decoy resources such as shares, accounts or supposed credentials in your IT environment. While spying out your IT (Reconnaissance), spreading further (Lateral Movement) and extending privileges (Privilege Escalation), an attacker will sooner or later inevitably touch one of these prepared resources. Since they are not used anywhere else, any use of them, whether the attempt succeeds or fails, is a very clear sign that an attacker is on the network. These events flow into the central SIEM system as alarms with a very high priority.
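The SIEM and Cyber Deception items above describe the same pipeline from two angles: log events are enriched with context and threat intelligence, use cases are applied to them, and any use of a deception resource becomes a top-priority alarm. The following is an added worked example of that pipeline, written for this page; it is not SECUINFRA's use case library or SIEM content. The log lines, asset context, threat-intelligence domains, honeytoken account and share name are all constructed for the example.

```python
"""Added example (not SECUINFRA code): a minimal SIEM-style use case pipeline.

It parses constructed Windows logon/share and proxy log lines, enriches each
event with context (asset criticality from a CMDB snippet) and threat
intelligence (an IOC domain list), and applies two use cases:
  1. outbound connection to a domain on the TI feed (priority depends on asset),
  2. any use of a cyber-deception account or share (always critical, because the
     resource has no legitimate user; a failed logon counts just as much).
All hosts, users, IPs and domains are made up for the example.
"""
import re
from dataclasses import dataclass

# Constructed context data (assumption: would come from the CMDB / AD in practice)
ASSET_CONTEXT = {
    "FS01": {"criticality": "high", "role": "file server"},
    "WS042": {"criticality": "low", "role": "workstation"},
}

# Constructed threat-intelligence feed: hypothetical C2 domains
TI_DOMAINS = {"update-cdn-check.example", "metrics-sync.example"}

# Constructed deception resources: never used legitimately, so any use is an alarm
HONEY_ACCOUNTS = {"svc_backup_admin"}
HONEY_SHARES = {r"\\FS01\finance_archive"}

# Constructed sample log lines in a simple "timestamp key=value ..." format
SAMPLE_LOGS = [
    "2024-03-04T08:01:10Z host=WS042 type=proxy user=j.doe dst=www.example.org action=allow",
    "2024-03-04T08:01:12Z host=WS042 type=proxy user=j.doe dst=update-cdn-check.example action=allow",
    "2024-03-04T08:02:30Z host=FS01 type=logon event=4624 user=m.mueller src=10.0.5.23",
    "2024-03-04T08:03:05Z host=FS01 type=logon event=4625 user=svc_backup_admin src=10.0.7.99",
    r"2024-03-04T08:03:40Z host=FS01 type=share event=5140 user=j.doe share=\\FS01\finance_archive src=10.0.5.42",
]

@dataclass
class Alert:
    use_case: str
    priority: str
    host: str
    user: str
    evidence: str

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")

def parse_line(line):
    """Parse 'ts key=value ...' into a dict; returns None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = {"ts": m.group("ts")}
    for token in m.group("kv").split():
        key, _, value = token.partition("=")
        event[key] = value
    return event

def enrich(event):
    """Attach asset context and a TI verdict to the raw event."""
    ctx = ASSET_CONTEXT.get(event.get("host"), {"criticality": "unknown", "role": "unknown"})
    event["criticality"] = ctx["criticality"]
    event["ti_match"] = event.get("dst") in TI_DOMAINS
    return event

def use_case_ti_match(event):
    """Use case 1: outbound connection to a domain on the TI feed."""
    if event.get("type") == "proxy" and event["ti_match"]:
        prio = "high" if event["criticality"] == "high" else "medium"
        return Alert("TI: connection to known C2 domain", prio, event["host"], event["user"], event["dst"])
    return None

def use_case_deception(event):
    """Use case 2: any use of a deception account or share, success or failure alike."""
    user, share = event.get("user", ""), event.get("share", "")
    if user in HONEY_ACCOUNTS or share in HONEY_SHARES:
        what = f"account {user}" if user in HONEY_ACCOUNTS else f"share {share}"
        return Alert("Deception: honeytoken used", "critical", event["host"], user,
                     f"{what} from {event.get('src', '?')}")
    return None

USE_CASES = [use_case_ti_match, use_case_deception]

def run_pipeline(lines):
    """Parse, enrich and evaluate every line; return the alerts in log order."""
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        event = enrich(event)
        alerts.extend(a for a in (uc(event) for uc in USE_CASES) if a)
    return alerts

if __name__ == "__main__":
    for a in run_pipeline(SAMPLE_LOGS):
        print(f"[{a.priority:8}] {a.use_case}: host={a.host} user={a.user} ({a.evidence})")
```

Two things the example makes visible: the TI use case needs context to set a sensible priority (the same C2 hit on a file server would be "high"), whereas the deception use case needs no scoring at all, because the decoy has no legitimate use. For that to hold, the decoy must not be referenced by any backup job, scanner or script, otherwise it produces exactly the false positives it was meant to avoid.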
However, should a major security incident occur, SECUINFRA provides support with the following services, which are billed on a time and material basis:
- Incident Management: In the event of major cyberattacks, professional coordination and communication is essential to contain and manage the attack. That’s where our incident response experts come in to help you with technical and non-technical challenges.
- Compromise Assessment: In the event of a cyber attack, it is extremely important to answer the question as quickly and reliably as possible: Which systems have been compromised? Our Compromise Assessment answers this question as quickly, efficiently and reliably as possible.
- Digital Forensics: Digital forensics enables detailed analysis and reconstruction of security incidents. Our goal here is to learn from the cyberattack and refine your defenses. In addition, the findings of our digital forensics experts enable prosecution and help you make claims against cyber risk insurance companies.
- Malware analysis: As part of malware analysis, we examine how malware works with the goal of gaining comprehensive insight into how it operates, understanding its potential impact on a system, and identifying appropriate measures for future mitigation and prevention. Our malware analysts use both static and dynamic analysis as well as reverse engineering.
Endpoint-based detection and response against cyber attacks is one of the most important pillars of modern cyber detection & response and is an optimal complement to log data-based attack detection.
Our Managed Detection & Response Service BASIS+ therefore includes the following services:
- Endpoint Detection & Response (EDR): Endpoint Detection & Response (EDR) systems form the technological basis for modern detection and defense against cyber attacks. To detect attacks on endpoints (workstations & server systems), SECUINFRA uses established EDR technologies for behavior-based detection of anomalies on endpoints. In addition to the pure detection of cyber attacks, EDR also offers the possibility to actively react to detected attacks. For example, processes can be terminated, local user accounts can be locked or entire systems can be isolated automatically. This helps to further reduce Mean Time to Respond (MTTR) by stopping a successful cyberattack at the most common entry point of a cyberattack, the endpoint.
The MDR Complete service adds the pillar of network-based attack detection and response to the endpoint-based and log data-based pillars of BASIS+. This gives you comprehensive detection, analysis and defense against cyber attacks across all three pillars and puts you in an excellent position in this area.
- Network Intrusion Detection System (N-IDS): The traditional N-IDS is, in effect, a signature scanner for network traffic: it detects attacker activity by matching packets and sessions against signatures of known threats. With it, our analysts detect the transmission and use of known malware as well as access to the command-and-control infrastructure of known attackers. Like any signature-based mechanism, it cannot see what is not yet known.
- Network Detection & Response (NDR): In addition to the classic Network IDS, SECUINFRA offers behavior-based detection of attackers at the network level. This uses an advanced Network Detection & Response (NDR) system that, unlike traditional products such as N-IDS, relies on behavioral pattern detection. The data generated is not only extremely valuable for detecting attacks, but is also used by our analysts as part of the response process to contextualize suspicious events. In addition to attack detection and contextualization capabilities, our NDR also provides the ability to actively respond to detected attacks. For example, communication relationships can be terminated, access to command and control servers can be blocked, or IT systems can be isolated automatically to minimize the impact of detected security incidents.
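The N-IDS and NDR items above contrast signature matching with behavior-based detection. As an added worked example of the behavioral side, the following detector looks for beaconing, the near-constant check-in interval of malware talking to its command-and-control server, over flow records. It is illustrative code written for this page, not SECUINFRA's NDR; the flow format, thresholds, hosts and destination addresses are constructed assumptions.

```python
"""Added example (not SECUINFRA's NDR): behavior-based beaconing detection over
flow records.

A signature-based N-IDS only fires if the destination is already known bad.
This detector instead looks at the timing of repeated connections from one
source to one destination: malware beacons check in at a near-constant
interval, while human browsing is bursty. Regularity is measured as the
coefficient of variation of the inter-arrival times. Flow records and
thresholds below are constructed for the example.
"""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

MIN_CONNECTIONS = 8   # assumption: fewer connections give too little data to judge regularity
MAX_JITTER = 0.15     # assumption: stdev/mean of inter-arrival times below this looks machine-driven

def iso_ts(epoch):
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def parse_flow(line):
    """'ts src dst dport bytes' -> dict with epoch seconds."""
    ts, src, dst, dport, nbytes = line.split()
    epoch = datetime.fromisoformat(ts.replace("Z", "+00:00")).timestamp()
    return {"t": epoch, "src": src, "dst": dst, "dport": int(dport), "bytes": int(nbytes)}

def beacon_score(times):
    """Return (mean interval, jitter) for a sorted list of connection times."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    if not gaps:
        return 0.0, float("inf")
    mu = mean(gaps)
    return mu, (pstdev(gaps) / mu if mu > 0 else float("inf"))

def find_beacons(flow_lines):
    """Group flows per (src, dst, dport) and report pairs with regular timing."""
    by_pair = defaultdict(list)
    for line in flow_lines:
        f = parse_flow(line)
        by_pair[(f["src"], f["dst"], f["dport"])].append(f["t"])
    findings = []
    for (src, dst, dport), times in by_pair.items():
        if len(times) < MIN_CONNECTIONS:
            continue
        times.sort()
        interval, jitter = beacon_score(times)
        if jitter <= MAX_JITTER:
            findings.append({"src": src, "dst": dst, "dport": dport, "count": len(times),
                             "interval_s": round(interval, 1), "jitter": round(jitter, 3)})
    return findings

def constructed_flows():
    """Constructed sample: a 60 s beacon with a few seconds of jitter, plus irregular browsing."""
    base = datetime(2024, 3, 4, 8, 0, 0, tzinfo=timezone.utc).timestamp()
    lines = []
    for off in [0, 61, 119, 181, 240, 302, 359, 421, 480, 541]:          # implant check-ins
        lines.append(f"{iso_ts(base + off)} 10.0.5.42 203.0.113.7 443 812")
    for off in [0, 3, 4, 90, 91, 93, 400, 1800, 1801]:                    # a user browsing
        lines.append(f"{iso_ts(base + off)} 10.0.5.23 198.51.100.10 443 15230")
    return lines

if __name__ == "__main__":
    for hit in find_beacons(constructed_flows()):
        print(f"beacon candidate: {hit['src']} -> {hit['dst']}:{hit['dport']} "
              f"every ~{hit['interval_s']}s, {hit['count']} connections, jitter {hit['jitter']}")
```

The browsing host makes as many connections as the implant but is not reported, because its inter-arrival times vary by orders of magnitude. Real implants add deliberate jitter, which is why the threshold is a ratio rather than a fixed number of seconds; it also means the finding is a candidate for analyst contextualization, not proof of compromise on its own.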
Our MDR Premium Service complements our comprehensive MDR Complete Service for detecting, analyzing and defending against cyber attacks with Vulnerability Management, which is important for compliance reasons.
- Vulnerability Management: Known vulnerabilities are often not closed because there is no overview of the current patch status and new vulnerabilities. This is where our Vulnerability Management Service comes in. We check your systems for known vulnerabilities and provide you with consolidated results.
In addition to the comprehensive detection, analysis and defense against cyber attacks from our MDR Complete service and vulnerability management, which is important for compliance reasons, we support you with our MDR Premium+ service in reducing the risk of successful phishing attacks on your company:
- Anti Phishing: Phishing is one of the main gateways for successful cyber attacks. The risk can be reduced through various measures such as employee education and awareness, as well as technical protection measures such as anti-spam solutions, browser extensions and sandboxes. Nevertheless, it happens again and again that suspicious e-mails reach the employees and they have to decide whether to open the attachment, click on the link or rather delete the suspicious e-mail. Wouldn’t it be very helpful to have experts at your side at all times when making this potentially momentous decision? This is exactly where SECUINFRA’s anti-phishing service comes in. In case of suspicious mails, your employees forward them to our experts via phishing button. They check the mails from an expert’s point of view and give your employees a prompt answer: phishing or legitimate.
References in the area of Managed Detection & Response (MDR)
SECUINFRA does not name clients or references publicly! Our customers’ desire for discretion always takes precedence over SECUINFRA’s marketing interests.
- SUCCESS THROUGH RECOMMENDATION
Since 2010, we have focused exclusively on the detection, analysis and defense of cyber attacks. Almost all customers have become aware of SECUINFRA through recommendations and have in turn recommended us to others.
- REFERENCE ON REQUEST
In case of legitimate interest, we will establish contact with suitable reference customers.